• State Resolved
  • Locked Locked
  • Replies 14 replies
  • Subscribers 81 subscribers
  • Views 1678 views
  • Users 0 members are here
Support feedback
Options
Options
Similar topics

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

CSM not locking on TMS320F28335

Mobashar Ahmad
Prodigy 100 points
Other Parts Discussed in Thread: C2000-GANG, UNIFLASH

I have completed my development, and would like to engage the CSM to lock my processor.  But I am not able to make it work.  I can still access my processor through JTAG without unlocking.

I have engaged the CSM by writing the password as recommended by TI ( I think).  Attached is my linker command file and assembly file that maps the CSM password and reserved sections.  I include these in my build and in the output hex file, i can see the password.  so i know its getting written.

Someone please help!

Linker Command File...

/*
NOTES: 1) Stack must be in low 64k data space. See p. 7-5 of Compiler
2) If you move the Stack, adjust main.c, and boot.c
3) This linker command file is only for Large Memory Model code (-ml)
4) If you adjust MAIN_C, adjust chksum in b.bat
5) Unified memory, don't have overlayed sections, except f. loader
since it executes only after the main application has stopped.
*/

--diag_suppress=16002
-l Flash28334_API_V210.lib
-l Flash28335_API_V210.lib
-l rts2800_fpu32.lib

MEMORY
{

/* program memory */
PAGE 0 :
HEADER_C : origin = 0x338000, length = 0x000010 /* appl header */
MAIN_C : origin = 0x338010, length = 0x007F50 /* appl execution space */
BOOT_DATA : origin = 0x33FF60, length = 0x000020 /* Boot Data: Assembly Info */
BOOT_ENTRY : origin = 0x33FFF6, length = 0x000002 /* CPU reset vector */
CSM_RSVD : origin = 0x33FF80, length = 0x000076 /* CSM reserved */
CSM_PSWD : origin = 0x33FFF8, length = 0x000008 /* CSM password area */

/* data memory */
PAGE 1 :
RAM_MODE : origin = 0x000050, length = 0x000008 /* RAM Bootloader Handle */
PIEVECT : origin = 0x000D00, length = 0x000100 /* application vect tbl */
RAMF_R : origin = 0x008000, length = 0x000600 /* ramf ram space */
MAIN_R : origin = 0x008600, length = 0x001600 /* appl ram space*/
STACK_R : origin = 0x009E00, length = 0x000200 /* stack space */
}

SECTIONS
{
.reset:
{
reset.obj(.text)
} > BOOT_ENTRY PAGE = 0

._stack:
{
_stack_start = .;
} > STACK_R PAGE = 1

.ramf: LOAD = MAIN_C PAGE = 0, RUN = RAMF_R PAGE = 1
{
Flash28335_API_V210.lib(.econst)
Flash28335_API_V210.lib(.text)
} LOAD_START(_ramf_l), LOAD_SIZE(_ramf_s), RUN_START(_ramf_r)

.cinit:
{
_cinit_start = .;
*(.cinit)
_cinit_end = .;
} > MAIN_C PAGE = 0

.econst:
{
_econst_start = .;
*(.econst)
_econst_end = .;
} > MAIN_C PAGE = 0

.text:
{
_text_start = .;
*(.text)
_text_end = .;
} > MAIN_C PAGE = 0

.ebss:
{
_ebss_start = .;
*(.ebss)
_ebss_end = .;
} > MAIN_R PAGE = 1

_boot_assm_data :
{
} > BOOT_DATA PAGE = 0

_csm_pswd :
{
} > CSM_PSWD, PAGE = 0

_csm_rsvd :
{
} > CSM_RSVD, PAGE = 0

}

csm.asm File


; Section - csmpasswds
; -This locates the CSM password in the the required section of TI memory.
;

.sect "_csm_pswd"

.int 0x795A ;PWL0 (LSW of 128-bit password)
.int 0x93A0 ;PWL1
.int 0x50A4 ;PWL2
.int 0x2B11 ;PWL3
.int 0xC902 ;PWL4
.int 0xE911 ;PWL5
.int 0xB44D ;PWL6
.int 0x9CB5 ;PWL7 (MSW of 128-bit password)


;----------------------------------------------------------------------

; For code security operation, all addresses between 0x33FF80 and
; 0X33fff5 cannot be used as program code or data. These locations
; must be programmed to 0x0000 when the code security password locations
; (PWL) are programmed. If security is not a concern, then these addresses
; can be used for code or data.

; The section "csm_rsvd" can be used to program these locations to 0x0000.

.sect "_csm_rsvd"
.loop (33FFF5h - 33FF80h + 1)
.int 0x0000
.endloop

  • 0
    TI__Guru** 109165 points

    Hi,

      I can still access my processor through JTAG without unlocking.

    Can you provide more info on the issue. Just by locking/securing the device does not mean one cannot connect to JTAG. It only means one can not access Flash content and secure RAM content via JTAG or from code running from unsecure location. Please check if you are able to read  the Flash content or secure RAM content via CCS memory watch window without unlocking the device. If you can read the content then device is not secure and you need to check the content at password locations in memory watch window.

    Regards,

    Vivek Singh

  • 0 in reply to Vivek Singh
    Prodigy 100 points
    I am able to erase flash. Would the CSM protect against erasing flash memory?
  • 0 in reply to Mobashar Ahmad
    TI__Guru 55700 points

    Ahmad,


    On a secure device, you cannot erase the flash without unlocking the device. Check whether you are unlocking the device.


    Regards,

    Manoj

  • 0 in reply to Manoj Santha Mohan
    TI__Guru 55700 points
    Ahmad,

    Did you issue a system reset after locking the device? Unless you provide a system reset, CSM will not take effect.

    Regards,
    Manoj
  • 0 in reply to Manoj Santha Mohan
    Prodigy 100 points
    Let me give you some more background on how I am doing this. I programmed the device using a C2000-GANG programmer, with a C# program that I wrote. The program uses the devices DLL to load the code (*.hex file) to the C2000 programmer and execute a flash. After flash is complete, I cycle power to the micro.

    To test that security is enabled, I disconnect the C2000-GANG and connect a Spectrum XDS510 programmer to the device. Then I open UniFlash and load a newly created configuration with all default values (including CSM password). I then execute an erase or try to unlock the device with the default password, and both work. This is how i know that it didn't work. From my understanding, all you need to do to enable the CSM is cycle power, right? Other than the assembly file containing the section assignments for CSM password and reserved space, I have no other code related to the CSM. So I am not inadvertently disabling the CSM from inside the software.

    If I program the CSM from UniFlash or the C2000-GANG GUI, it successfully locks the device. The problem is that I need to program these devices in a automated way, which is why I need to use the custom C# program I wrote. I did not find any commands in the C2000-GANG DLL related to CSM, other then specifying where the CSM is located (in a code file or separate password file).
  • 0 in reply to Mobashar Ahmad
    TI__Guru** 109165 points

    Hi,

    After following step -

      I programmed the device using a C2000-GANG programmer, with a C# program that I wrote. The program uses the devices DLL to load the code (*.hex file) to the C2000 programmer and execute a flash. After flash is complete, I cycle power to the micro.



    Please connect the XDS510 emulator and check the content of flash and password locations in flash using memory watch window. If you are able read the flash content or the value at password locations are ALL_1 (default value) then .out file is not programming the password values. Please check .map file and see if the allocation in section for password is proper. Also check if there are any warning msg during code compilation.

    Regards,

    Vievk  Singh 

  • 0 in reply to Vivek Singh
    Prodigy 100 points
    When I connect with XDS510 emulator, I can see the flash contents. I checked the CSM password location (0x33FFF8), and all words are 0xFFFF. So it looks like the password is not set. My map file seems to be assigning the csmpassword and csmrsvd locations, and the linker output isn't complaining about it. Also, when I check the .hex file that is outputted from build, it contains the CSM password. So it is getting mapped into output.

    Any other suggestions?
  • 0 in reply to Mobashar Ahmad
    TI__Guru** 109165 points

    Hi,

    Could you try progrmming the same ".out"  using XDS510 and CCS instead of C2000-GANG and see if that works fine?

    Regards,

    Vivek Singh

  • 0 in reply to Vivek Singh
    Prodigy 100 points
    It appears to work using the '.out' file with the XDS510.
  • 0 in reply to Mobashar Ahmad
    TI__Guru** 109165 points

    Good. Thanks for the update.

    So look like there is some issue with C2000-GANG programmer. This is third party development tool so we need to check with them.

    Could you check if there is some enable/disable feature on this programming tool which one need to enable to program the CSM passowrds (to avoid progamming the passwords by mistake)?

    Regards,

    Vivek Singh

  • 0 in reply to Vivek Singh
    Prodigy 100 points
    I have checked the C2000-GANG manual front to back for (link below). There doesn't appear to be anything related to the CSM except the configuration parameter CFG_CSM_PASSW_INDEX. This lets you choose the source of the CSM, which I set to CSM_CODE_FILE_INDEX. I assume this is correct, but I could not find any further help on this. Is there someone else we can ask?

    www.ti.com/.../spruhs0.pdf
  • 0 in reply to Mobashar Ahmad
    TI__Guru 55700 points

    Ahmad,


    At this point, I think you will served best if you contact C2000 gang programmer support team (support@elprotronic.com) as Vivek suggested.

    Regards,

    Manoj

  • 0 in reply to Mobashar Ahmad
    TI__Guru** 109165 points

    Hi Ahmad,

    I looked at the GUI of C2000-GANG programmer and there is option to enable/disable for CSM password programming.

    Please see the following snapshot -

    Please enable this option in your setup and try it again. It should work.

    Regards

    Vivek Singh

  • 0 in reply to Vivek Singh
    TI__Guru** 109165 points

    Hi Ahmad,

    I hope this issue is resolved. Let us know if you have any further queries on this.

    Regards,

    Vivek Singh